Incidents - Administrator Guide - 8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
8
Creation date
2023-11-02
Last date published
2024-04-11
Category
Administrator Guide
Solution
Cloud
Abstract

Manage and investigate incidents in Cortex XSOAR.

Incidents are potential security data threats that SOC administrators identify and remediate. There are several incident triggers, including:

  • SIEM alerts

  • Mail alerts

  • Security alerts from third-party services, such as SIEM, mail boxes, data in CSV format, etc.

Cortex XSOAR includes several out-of-the-box incident types, and users can add custom incident types with custom fields, as necessary.